Freedom of speech is a founding principle of democratic society, and the Internet has become one of the most effective and common means of conveying expression that is likely to be controversial or suppressed. One threat to the freedom of speech online is the now widespread practice of Internet censorship by both private and state interests. These censors use a variety of social and technological means to limit availability or expression of information, stifling the democratic process. Several censorship circumvention tools are designed to allow users to safely and efficiently access censored content by ``routing around'' censorship technology through relays. Using these relays makes it difficult for a censor to determine what content is being accessed by whom. Unfortunately, this difficulty also makes it hard to measure the use and performance of such tools, which in turn leads to challenges in assessing the impact, security and performance of proposed alternatives. This project studied and implemented methods to measure impact, security, and performance of censorship circumvention tools while not compromising the security they provide for users. The results can be broadly arranged into three categories. The first category is concerned with the study of the Tor network, the most widely-used single circumvention tool, with nearly 100 million users worldwide. We developed new ways to measure the number of users, websites, bandwidth, and traffic patterns in Tor, and used these measurements to analyze and change the frequency of choosing new relays, how to balance users between relays, and how to choose which relays to use. We developed new statistical models of traffic patterns to allow better simulation of the Tor network. We also developed new methods to measure the vulnerability of websites to "website fingerprinting" attacks on Tor. Our results led to changes in the Tor software used by millions of users, changes to how the Tor network monitors its use, and changes to Shadow, a simulator used by dozens of groups to conduct research on Tor. The second category concerns other circumvention schemes proposed by researchers. We developed new attacks against "decoy routing" schemes that rely on Internet Service Provider companies to help route around censors, showing that these schemes are too expensive to be deployed by for-profit companies. We discovered a new class of vulnerabilities in "covert transport" protocols, impacting the evaluation of future work in this field. We also developed prototypes for a series of "special purpose" circumvention systems that provide uncensored access to single services such as video sharing, social networks, and web search, while avoiding our new attacks. The final category investigated "encrypted group messaging protocols" and the ability of service providers to monitor and censor the contents of group messages. We found that the encrypted texting app Signal, and other apps based on it like WhatsApp, Facebook Messenger, and Google Allo, are vulnerable to attacks in the group setting that allow servers to discover the contents of some messages, and drop or change the order of messages. We developed a new prototype application that avoids these attacks, and a new prototype application that allows users to exchange contact information while hiding who is friends with whom from service providers. The project gathered data and developed simulation software that can be used by developers and other researchers to evaluate new designs for censorship circumvention protocols; it also resulted in many changes to the Tor network's software and protocols, directly impacting the privacy of millions of users worldwide. The project additionally contributed to the education of hundreds of undergraduate students through course lectures, as well as the research training of ten undergraduates and five graduate students.
Comments
Please register or sign in to add a comment.